<?php
/*LOGIN CASE*/

session_start(); /*Craft o load the session and load session vars*/

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>Save a Tree</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php 
include ("gvar.php"); /*Load global system*/
$user = SuprCode($_POST['user']); /*Must have to add function to prevent command inyectors (disable <>, ;)*/
$ucpassword = SuprCode($_POST['psswd']);
if (isset($user) && $user != "" && isset($ucpassword)) {
	$salt = substr ($user, 0, 2); /*Cut and take 2 words of the user*/
	$key_crypt = crypt ($ucpassword, $salt); /*Crypts and hash the password, phase 1*/
	//$key_crypt = crypt ($ucpassword, $clave_crypt); /*Crypts more hash, phase 2. Security improvement strong*/
	$query = 'SELECT * FROM User WHERE UserName = "'.$user.'" AND Password = "'.$key_crypt.'"'; /*SQL Compare if the username and password matches*/
	$consulta = mysql_query ($query, $dbc) or die ("ERROR 500: Internal error in the server (Unable to check the user)");
	$nfilas = mysql_num_rows ($consulta);
	if ($nfilas == 1) {
		while($row = mysql_fetch_array($consulta)){
			$_SESSION["logID"] = $user;
			$_SESSION["logFN"] = $row["FirstName"];
			$_SESSION["logLN"] = $row["LastName"];	
			print ("<META HTTP-EQUIV='refresh' content='1;URL=index.php'>");
		}
	}
	else { 
    print('<div style="padding: 100px 0 0 250px;"><div id="login-box" class="login-box">Usuari o password incorrecte.
           <input style="margin-left:90px;" type="button" class="button" value="Enrere" onclick="location.href=\'index.php\'"/></div></div>'); 
  }
}
else {
print('<div style="padding: 100px 0 0 250px;"> 
  <div id="login-box" class="login-box">

  <!-- login form -->
        <h2>ACCES DEL PROFESSORAT</h2>
        L\'autentificació no és obligatòria, però sí necessària per l\'acces a tots els continguts de la pàgina. 
        Si no tenen usuari i password, tornin a la pàgina principal.
        <br>
        <br>
        <form name="login" method="post" action="login.php">
            <div>Usuari:</div>
            <input type="text" name="user" />
            <div>Password:</div>
            <input type="password" name="psswd" /><br />
          <input style="margin-left:90px;" type="submit" class="button" value="Log in">
        </form>
        <input style="margin-left:90px;" type="button" class="button" value="Enrere" onclick="location.href=\'index.php\'"/>
  <!-- end of login form -->  
  </div>
</div>
');

}


?>
</body>
</html>